"Surface invariants violation" crashes with --mash |
|||||||||||
Issue descriptionI get occasional crashes with the following stacktrace: [18677:18677:0615/125159.067563:FATAL:client_compositor_frame_sink.cc(157)] Surface invariants violation #0 0x7f3a6a2e2dec base::debug::StackTrace::StackTrace() #1 0x7f3a6a306eb1 logging::LogMessage::~LogMessage() #2 0x7f3a662950ae viz::ClientCompositorFrameSink::OnMojoConnectionError() #3 0x7f3a6a7f35a8 _ZNO4base8CallbackIFvjRKSsELNS_8internal8CopyModeE0ELNS4_10RepeatModeE0EE3RunEjS2_ #4 0x7f3a6a7f34f3 mojo::InterfaceEndpointClient::NotifyError() #5 0x7f3a6a7fbd8d mojo::internal::MultiplexRouter::ProcessNotifyErrorTask() #6 0x7f3a6a7f96d7 mojo::internal::MultiplexRouter::ProcessTasks() #7 0x7f3a6a7fad9f mojo::internal::MultiplexRouter::Accept() #8 0x7f3a6a7f1ab6 mojo::FilterChain::Accept() #9 0x7f3a6a7eded9 mojo::Connector::ReadSingleMessage() #10 0x7f3a6a7ee7f1 mojo::Connector::ReadAllAvailableMessages() #11 0x7f3a6a7ee6a9 mojo::Connector::OnHandleReadyInternal() #12 0x7f3a6a7cb20c mojo::SimpleWatcher::OnHandleReady() #13 0x7f3a6a7cb71f _ZN4base8internal7InvokerINS0_9BindStateIMN4mojo13SimpleWatcherEFvijEJNS_7WeakPtrIS4_EEijEEEFvvEE7RunImplIRKS6_RKSt5tupleIJS8_ijEEJLm0ELm1ELm2EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE #14 0x7f3a6a2ce169 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv #15 0x7f3a6a2e3784 base::debug::TaskAnnotator::RunTask() #16 0x7f3a6a314689 base::MessageLoop::RunTask() #17 0x7f3a6a314a8b base::MessageLoop::DeferOrRunPendingTask() #18 0x7f3a6a314ef7 base::MessageLoop::DoWork() #19 0x7f3a6a317719 base::MessagePumpLibevent::Run() #20 0x7f3a6a3142ab base::MessageLoop::Run() #21 0x7f3a6a349eea base::RunLoop::Run() #22 0x55f13fe6e7cb ChromeBrowserMainParts::MainMessageLoopRun() #23 0x7f3a679031a7 content::BrowserMainLoop::RunMainMessageLoopParts() #24 0x7f3a67905d06 content::BrowserMainRunnerImpl::Run() #25 0x7f3a678fec0f content::BrowserMain() #26 0x7f3a6813353c content::ContentMainRunnerImpl::Run() #27 0x7f3a6a822de9 service_manager::Main() #28 0x7f3a68132374 content::ContentMain() #29 0x55f13f4db65f ChromeMain #30 0x7f3a5e4b6f45 __libc_start_main #31 0x55f13f4db4c3 <unknown> Received signal 6 #0 0x7f3a6a2e2dec base::debug::StackTrace::StackTrace() #1 0x7f3a6a2e2951 base::debug::(anonymous namespace)::StackDumpSignalHandler() #2 0x7f3a6a464330 <unknown> #3 0x7f3a5e4cbc37 gsignal #4 0x7f3a5e4cf028 abort #5 0x7f3a6a2e0c55 base::debug::BreakDebugger() #6 0x7f3a6a307277 logging::LogMessage::~LogMessage() #7 0x7f3a662950ae viz::ClientCompositorFrameSink::OnMojoConnectionError() #8 0x7f3a6a7f35a8 _ZNO4base8CallbackIFvjRKSsELNS_8internal8CopyModeE0ELNS4_10RepeatModeE0EE3RunEjS2_ #9 0x7f3a6a7f34f3 mojo::InterfaceEndpointClient::NotifyError() #10 0x7f3a6a7fbd8d mojo::internal::MultiplexRouter::ProcessNotifyErrorTask() #11 0x7f3a6a7f96d7 mojo::internal::MultiplexRouter::ProcessTasks() #12 0x7f3a6a7fad9f mojo::internal::MultiplexRouter::Accept() #13 0x7f3a6a7f1ab6 mojo::FilterChain::Accept() #14 0x7f3a6a7eded9 mojo::Connector::ReadSingleMessage() #15 0x7f3a6a7ee7f1 mojo::Connector::ReadAllAvailableMessages() #16 0x7f3a6a7ee6a9 mojo::Connector::OnHandleReadyInternal() #17 0x7f3a6a7cb20c mojo::SimpleWatcher::OnHandleReady() #18 0x7f3a6a7cb71f _ZN4base8internal7InvokerINS0_9BindStateIMN4mojo13SimpleWatcherEFvijEJNS_7WeakPtrIS4_EEijEEEFvvEE7RunImplIRKS6_RKSt5tupleIJS8_ijEEJLm0ELm1ELm2EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE #19 0x7f3a6a2ce169 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv #20 0x7f3a6a2e3784 base::debug::TaskAnnotator::RunTask() #21 0x7f3a6a314689 base::MessageLoop::RunTask() #22 0x7f3a6a314a8b base::MessageLoop::DeferOrRunPendingTask() #23 0x7f3a6a314ef7 base::MessageLoop::DoWork() #24 0x7f3a6a317719 base::MessagePumpLibevent::Run() #25 0x7f3a6a3142ab base::MessageLoop::Run() #26 0x7f3a6a349eea base::RunLoop::Run() #27 0x55f13fe6e7cb ChromeBrowserMainParts::MainMessageLoopRun() #28 0x7f3a679031a7 content::BrowserMainLoop::RunMainMessageLoopParts() #29 0x7f3a67905d06 content::BrowserMainRunnerImpl::Run() #30 0x7f3a678fec0f content::BrowserMain() #31 0x7f3a6813353c content::ContentMainRunnerImpl::Run() #32 0x7f3a6a822de9 service_manager::Main() #33 0x7f3a68132374 content::ContentMain() #34 0x55f13f4db65f ChromeMain #35 0x7f3a5e4b6f45 __libc_start_main #36 0x55f13f4db4c3 <unknown> r8: ffffbf42d8c614f8 r9: ffffbf42d8c614e8 r10: 0000000000000008 r11: 0000000000000206 r12: 00007f3a5ed76940 r13: 00007ffe83a891d8 r14: 0000000000000068 r15: 00007ffe83a891d0 di: 00000000000048f5 si: 00000000000048f5 bp: 00007ffe83a88d30 bx: 00007ffe83a88d40 dx: 0000000000000006 ax: 0000000000000000 cx: 00007f3a5e4cbc37 sp: 00007ffe83a88bf8 ip: 00007f3a5e4cbc37 efl: 0000000000000206 cgf: 0000000000000033 erf: 0000000000000000 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000 [end of stack trace] Calling _exit(1). Core file will not be generated. It often happens when closing the omnibox dropdown. For example: . press ctrl+t to open new tab. . type a, and very quickly type backspace. When you press 'a' in the omnibox, the dropdown shows up briefly, until you press backspace, which closes the dropdown, and then chrome crashes. I have to do these steps at most twice to get a crash.
,
Jun 15 2017
Nope. This was happening on my linux workstation with a chromeos build, with --mash.
,
Jun 29 2017
I'm also seeing this on my Linux workstation with --mash. It happens with omnibox usually. Most recently I was typing "chrome://user-actions" when it died. I've also seen it with the IME "mode switch" indicator bubble. Install a couple input methods via settings, put focus in the omnibox and hit Ctrl-Space. If you want to try this you'll need to patch in my CL that makes the bubble work, otherwise you'll crash elsewhere. https://chromium-review.googlesource.com/552902 Bumping priority because this is interfering with my ability to manually test things.
,
Jun 30 2017
,
Jul 17 2017
Issue 731947 has been merged into this issue.
,
Jul 17 2017
,
Jul 26 2017
The crash is happening with --mash on my Linux workstation consistently. If you have two tabs open and hover over the first tab to trigger the tooltip, then hover over the second tab with a different tooltip it crashes. Alternatively resizing a browser window also does it. This is caused by a failure in Surface::QueueFrame(). It's a mismatch between |frame_size| and |surface_info_.size_in_pixels| that is the problem. It appears that surface sync isn't sending a new LocalSurfaceId to the browser on resize? https://cs.chromium.org/chromium/src/components/viz/service/surfaces/surface.cc?l=122 This is blocking me from testing changes to mash thoroughly. Do you think you'll have a chance to look at this soon Fady?
,
Jul 26 2017
This appear to be a bug in tooltips and/or omnibox not viz. I'm reassigning to Sadrul. It seems that we're resizing the CompositorFrame without resizing the window or there'sa race.
,
Jul 31 2017
The mash_browser_tests are seeing this error, though its flaky
,
Aug 3 2017
I'm now seeing this in chrome --mash when I type "about:tr" in the omnibar
,
Aug 8 2017
,
Aug 8 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b7bc95f390d1fd1b43017d21c507cb2e74e02f5f commit b7bc95f390d1fd1b43017d21c507cb2e74e02f5f Author: Sadrul Habib Chowdhury <sadrul@chromium.org> Date: Tue Aug 08 19:45:27 2017 ash: Change how local surface id is assigned in tests. In ash_unitests (--mus or --mash), the window server is not running. This means the ui::Compositor instances never receive a LocalSurfaceId from the server. In order for the compositors to be able to submit compositor frames, the test assigns a fake id. However, instead of assigning these ids at the beginning of each test, assign them as the compositor instances are created and/or resized, because it is possible for these compositors to be resized in the middle of a test (e.g. when screen is rotated, etc.) BUG= 733694 Change-Id: Ib4dbc8d39220385ec5c26277c1153cb1d21b462c Reviewed-on: https://chromium-review.googlesource.com/604877 Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Sadrul Chowdhury <sadrul@chromium.org> Cr-Commit-Position: refs/heads/master@{#492731} [modify] https://crrev.com/b7bc95f390d1fd1b43017d21c507cb2e74e02f5f/ash/test/ash_test_base.cc [modify] https://crrev.com/b7bc95f390d1fd1b43017d21c507cb2e74e02f5f/ash/test/ash_test_base.h
,
Aug 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e265d970d1b5dbe670badff34d4692d39714e58e commit e265d970d1b5dbe670badff34d4692d39714e58e Author: Sadrul Habib Chowdhury <sadrul@chromium.org> Date: Wed Aug 09 05:50:02 2017 mus demo: Fix double-initializing WindowTreeHost. WindowTreeClient already initializes the created WindowTreeHost instance. So WindowTreeData in mus-demo code does not need to do it again. BUG= 733694 Change-Id: I63623c7e00c8f9f26c0c7b5522ca2078da11f129 Reviewed-on: https://chromium-review.googlesource.com/606933 Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Sadrul Chowdhury <sadrul@chromium.org> Cr-Commit-Position: refs/heads/master@{#492838} [modify] https://crrev.com/e265d970d1b5dbe670badff34d4692d39714e58e/services/ui/demo/window_tree_data.cc [modify] https://crrev.com/e265d970d1b5dbe670badff34d4692d39714e58e/ui/aura/window_tree_host.cc
,
Aug 9 2017
Issue 753885 has been merged into this issue.
,
Aug 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e23c056cd731d31208154a4d332a7d95be7d166b commit e23c056cd731d31208154a4d332a7d95be7d166b Author: Sadrul Habib Chowdhury <sadrul@chromium.org> Date: Wed Aug 09 22:05:29 2017 blink: Cleanup SetViewportSize() api in tests. WebLayerTreeView::SetViewportSize() is only used in unit tests in blink. So move it out of WebLayerTreeView, into WebLayerTreeViewImplForTesting instead. Add API to WebViewHelper to make it easier to set the viewport size of the WebViewImpl in tests. BUG= 733694 Change-Id: Ief1372382cda2cd779f8f02091ca6596d183f3a6 Reviewed-on: https://chromium-review.googlesource.com/607592 Reviewed-by: Philip Jägenstedt <foolip@chromium.org> Reviewed-by: Antoine Labour <piman@chromium.org> Commit-Queue: Sadrul Chowdhury <sadrul@chromium.org> Cr-Commit-Position: refs/heads/master@{#493158} [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/content/renderer/gpu/render_widget_compositor.cc [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/content/renderer/gpu/render_widget_compositor.h [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/third_party/WebKit/Source/core/exported/WebViewTest.cpp [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/third_party/WebKit/Source/core/frame/FrameTestHelpers.cpp [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/third_party/WebKit/Source/core/frame/FrameTestHelpers.h [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/third_party/WebKit/Source/core/page/PageOverlayTest.cpp [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/third_party/WebKit/Source/platform/graphics/GraphicsLayerTest.cpp [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/third_party/WebKit/Source/platform/testing/WebLayerTreeViewImplForTesting.cpp [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/third_party/WebKit/Source/platform/testing/WebLayerTreeViewImplForTesting.h [modify] https://crrev.com/e23c056cd731d31208154a4d332a7d95be7d166b/third_party/WebKit/public/platform/WebLayerTreeView.h
,
Aug 10 2017
,
Aug 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/04d5dd4d7a57ba5ffe29ca76736c8e15ca907e4c commit 04d5dd4d7a57ba5ffe29ca76736c8e15ca907e4c Author: Sadrul Habib Chowdhury <sadrul@chromium.org> Date: Thu Aug 10 01:59:27 2017 cc: Take in LocalSurfaceId with a new size for LayerTreeHost. Specify a new LocalSurfaceId when changing the size of the LayerTreeHost. In case a new LocalSurfaceId is not already available, it is reset to an invalid id, so that commits are deferred until a valid id is available (the renderer gets this id from the browser, the browser receives this id from mus (when running with mus)). BUG= 733694 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: If73bce29747cc60379630377e7e74953e02f3f9f Reviewed-on: https://chromium-review.googlesource.com/606507 Commit-Queue: Sadrul Chowdhury <sadrul@chromium.org> Reviewed-by: Fady Samuel <fsamuel@chromium.org> Reviewed-by: Antoine Labour <piman@chromium.org> Cr-Commit-Position: refs/heads/master@{#493222} [modify] https://crrev.com/04d5dd4d7a57ba5ffe29ca76736c8e15ca907e4c/cc/trees/layer_tree_host.cc [modify] https://crrev.com/04d5dd4d7a57ba5ffe29ca76736c8e15ca907e4c/cc/trees/layer_tree_host.h [modify] https://crrev.com/04d5dd4d7a57ba5ffe29ca76736c8e15ca907e4c/cc/trees/layer_tree_host_unittest.cc [modify] https://crrev.com/04d5dd4d7a57ba5ffe29ca76736c8e15ca907e4c/content/renderer/gpu/render_widget_compositor.cc [modify] https://crrev.com/04d5dd4d7a57ba5ffe29ca76736c8e15ca907e4c/content/renderer/gpu/render_widget_compositor.h [modify] https://crrev.com/04d5dd4d7a57ba5ffe29ca76736c8e15ca907e4c/content/renderer/render_widget.cc
,
Aug 10 2017
,
Aug 10 2017
Issue 753593 has been merged into this issue.
,
Jan 22 2018
,
Feb 26 2018
|
|||||||||||
►
Sign in to add a comment |
|||||||||||
Comment 1 by samans@chromium.org
, Jun 15 2017